Software programs operating on a host system often interact with other software, firmware, or hardware components and/or agents executing on the same host system. The software programs may be divided within the operating environment (hardware and/or software) of the host system based on levels of privilege. For example, some operating systems may have several rings of privilege. The software programs are traditionally protected only by the privilege level associated with the executing code. Each level of privilege allows software executing within that level to perform a certain set of operations, while disallowing other operations. However, traditional operating environments provide unrestricted access to virtually any platform resource (hardware and/or software) from programs of many different privilege levels. In addition, programs executing within a given privilege level typically have access to some or all of the resources used by other programs executing in that privilege level. Thus, there is no protection of software programs from one another within a privilege level on the platform, which leaves a software program vulnerable to compromise if another software program of the same privilege level becomes compromised.
Many operations involving interaction with another component, either in the host system or external to it over a network, normally request identification of the executing software program. However, because the identity of a software program is traditionally defined by possession of one or more keys, or of software values/strings, any program or software that has access to the keys may traditionally be deemed to have the identity represented by the keys. Thus, traditional platforms do not provide adequate safeguards to ensure that a software program is securely identified by software mechanisms prior to performing actions tied to the identity of the software program.
Current hardware-based methods for proving the identity of a message sender include system management interrupt (SMI) based approaches and trusted platform module (TPM) based core root of trust for measurement (CRTM), such as solutions from the Trusted Computing Platform Alliance (TCPA) and the Trusted Computing Group (TCG), or an equivalent solution. These methods are generally considered more secure than many or all current software-based solutions, at least because access to keys is restricted by hardware components. Disadvantages of these solutions include the complexity of implementation and the fact that they may be hidden from the operating system (OS). In some cases, for example the use of a TPM, additional discrete hardware components are required in a protected system, which may increase the difficulty of implementation.
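The contrast drawn in the two preceding paragraphs, between identity defined by key possession and identity rooted in a measurement of the executing code, can be made concrete with a small simulation. The following Python is an added illustration and is not code from the patent or from any TCG/TPM implementation. It assumes two constructed programs in the same privilege level that both have access to one shared key, uses a plain SHA-256 of the program image as a stand-in for the measurement a hardware CRTM would compute and protect, and uses HMAC as the authenticator in both schemes; the program names, code bytes and key are placeholders.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed placeholder key, shared by every program that "has access to the keys".
SHARED_KEY = b"example-shared-key-not-real"


@dataclass(frozen=True)
class Program:
    name: str
    code: bytes  # constructed stand-in for the program's executable image
    key: bytes   # key material the program can read at its privilege level


def possession_authenticator(program: Program, message: bytes) -> bytes:
    """Software-only identity: the tag depends only on the key and the message.
    Nothing about which program computed it is bound in, so any program holding
    the key produces the same tag and is deemed to have the same identity."""
    return hmac.new(program.key, message, hashlib.sha256).digest()


def measure(program: Program) -> bytes:
    """Stand-in for a CRTM measurement: a hash of the code image. A real root
    of trust would compute this in hardware before the code runs, so the
    program cannot choose the value it reports."""
    return hashlib.sha256(program.code).digest()


def measured_authenticator(program: Program, message: bytes) -> bytes:
    """Measurement-bound identity: the tag covers the measurement of the sender's
    code as well as the message, so a different or modified program yields a
    different tag even though it holds the very same key."""
    return hmac.new(program.key, measure(program) + message, hashlib.sha256).digest()


def verify_measured(expected_measurement: bytes, key: bytes,
                    message: bytes, tag: bytes) -> bool:
    """Receiver-side check: the verifier knows the measurement of the program it
    is willing to talk to and recomputes the tag for that identity only."""
    expected = hmac.new(key, expected_measurement + message, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def compare_schemes() -> dict:
    """Run both schemes for a legitimate program and a different program that sits
    in the same privilege level and has read the same key."""
    legit = Program("updater", b"code: apply vendor-signed update", SHARED_KEY)
    other = Program("other", b"code: unrelated program, same ring", SHARED_KEY)
    message = b"request: write configuration region 0"

    possession_same = hmac.compare_digest(
        possession_authenticator(legit, message),
        possession_authenticator(other, message),
    )
    measured_same = hmac.compare_digest(
        measured_authenticator(legit, message),
        measured_authenticator(other, message),
    )
    # A verifier provisioned with the legitimate program's measurement accepts
    # only tags produced under that measurement.
    legit_ok = verify_measured(measure(legit), SHARED_KEY, message,
                               measured_authenticator(legit, message))
    other_ok = verify_measured(measure(legit), SHARED_KEY, message,
                               measured_authenticator(other, message))
    return {
        "possession_indistinguishable": possession_same,
        "measured_indistinguishable": measured_same,
        "verifier_accepts_legit": legit_ok,
        "verifier_accepts_other": other_ok,
    }


if __name__ == "__main__":
    for name, value in compare_schemes().items():
        print(f"{name}: {value}")
```

In the possession-based scheme the two programs are indistinguishable to any receiver, which is exactly the weakness the second paragraph describes. In the measurement-bound scheme the verifier can tell them apart, but only because the measurement is trustworthy; in this simulation the program could lie about its own hash, which is why the third paragraph points to hardware (SMI, TPM-based CRTM) to compute and protect that measurement.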